
#!/bin/bash
# =============================================================================
# MASTER AUDIT RUNNER
# Orchestrates all audit scripts and generates a consolidated report
# =============================================================================
set -e

# Locate this runner and, two directories up, the project root. Both paths
# are absolute because they are produced by `cd ... && pwd`.
SCRIPT_DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)
PROJECT_ROOT=$(cd "$SCRIPT_DIR/../.." && pwd)

# A single timestamp identifies this run and names the consolidated report.
TIMESTAMP=$(date '+%Y%m%d-%H%M%S')
MASTER_OUTPUT_DIR="$PROJECT_ROOT/audit-reports"
CONSOLIDATED_REPORT="$MASTER_OUTPUT_DIR/consolidated-report-$TIMESTAMP.md"

# ANSI colour sequences, stored as literal backslash escapes so they are only
# rendered where `echo -e` expands them.
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
MAGENTA='\033[0;35m'
CYAN='\033[0;36m'
BOLD='\033[1m'
NC='\033[0m'

# Per-audit outcome string and wall-clock seconds, keyed by audit name
# (script file name without the .sh suffix).
declare -A AUDIT_RESULTS
declare -A AUDIT_TIMES

# Epoch seconds at startup; the summary computes the total run time from it.
TOTAL_START_TIME=$(date '+%s')
# =============================================================================
# FUNCTIONS
# =============================================================================
#######################################
# Print the suite banner, start time and output directory.
# Globals:   MAGENTA, CYAN, YELLOW, BOLD, NC (read), MASTER_OUTPUT_DIR (read)
# Outputs:   banner to stdout
#######################################
print_banner() {
  local frame="${MAGENTA}║ ║${NC}"
  # %b expands the stored colour escapes exactly as `echo -e` would.
  printf '%b\n' \
    "" \
    "${MAGENTA}╔══════════════════════════════════════════════════════════════════╗${NC}" \
    "$frame" \
    "${MAGENTA}${BOLD} COPPERTONE.TECH COMPREHENSIVE AUDIT SUITE ${NC}${MAGENTA}${NC}" \
    "$frame" \
    "${MAGENTA}${NC} ${CYAN}No Stone Unturned • No Feelings Spared • Maximum Critique${NC} ${MAGENTA}${NC}" \
    "$frame" \
    "${MAGENTA}╚══════════════════════════════════════════════════════════════════╝${NC}" \
    "" \
    "${YELLOW}Started: $(date)${NC}" \
    "${YELLOW}Output Directory: $MASTER_OUTPUT_DIR${NC}" \
    ""
}
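#######################################
# Run one audit script from SCRIPT_DIR and record its outcome.
# Globals:   SCRIPT_DIR (read), AUDIT_RESULTS, AUDIT_TIMES (written),
#            colour variables (read)
# Arguments: $1 - script file name, e.g. 01-go-audit.sh
# Outputs:   progress lines plus the audit's own stdout/stderr on stdout
# Returns:   always 0; the result is recorded in AUDIT_RESULTS under the
#            script name minus its .sh suffix (SUCCESS,
#            COMPLETED_WITH_FINDINGS or NOT_FOUND)
#######################################
run_audit() {
  local script_name=$1
  local script_path="$SCRIPT_DIR/$script_name"
  local audit_name=${script_name%.sh}
  local start_time end_time duration
  local -a cmd

  if [ ! -f "$script_path" ]; then
    echo -e "${RED}[SKIP] $script_name not found${NC}"
    AUDIT_RESULTS["$audit_name"]="NOT_FOUND"
    # The caller runs under `set -e`; a non-zero return here would abort the
    # whole suite instead of reporting the missing script in the summary.
    return 0
  fi

  # Do not chmod the checkout just to run a sibling script: execute it
  # directly when it is already executable, otherwise through bash.
  if [ -x "$script_path" ]; then
    cmd=("$script_path")
  else
    cmd=(bash "$script_path")
  fi

  echo ""
  echo -e "${BLUE}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${NC}"
  echo -e "${BOLD}Running: $script_name${NC}"
  echo -e "${BLUE}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${NC}"

  start_time=$(date +%s)
  # A non-zero exit from an audit script is treated as "findings", not as a
  # runner failure, so the remaining audits still run.
  if "${cmd[@]}" 2>&1; then
    AUDIT_RESULTS["$audit_name"]="SUCCESS"
    echo -e "${GREEN}[✓] $script_name completed successfully${NC}"
  else
    AUDIT_RESULTS["$audit_name"]="COMPLETED_WITH_FINDINGS"
    echo -e "${YELLOW}[!] $script_name completed with findings${NC}"
  fi
  end_time=$(date +%s)

  duration=$((end_time - start_time))
  AUDIT_TIMES["$audit_name"]=$duration
  echo -e "${CYAN}Duration: ${duration}s${NC}"
  return 0
}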
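#######################################
# Write the Markdown consolidated report for this run.
# Globals:   CONSOLIDATED_REPORT, MASTER_OUTPUT_DIR, TIMESTAMP,
#            TOTAL_START_TIME (read), AUDIT_RESULTS, AUDIT_TIMES (read),
#            colour variables (read)
# Outputs:   progress lines on stdout; the report is written to
#            $CONSOLIDATED_REPORT (overwritten if present)
# Returns:   0; a failed write aborts the script under `set -e`
#######################################
generate_consolidated_report() {
  local audit status duration status_emoji
  local total_end_time total_duration
  local -a audits=()

  echo ""
  echo -e "${BLUE}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${NC}"
  echo -e "${BOLD}Generating Consolidated Report${NC}"
  echo -e "${BLUE}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${NC}"

  cat > "$CONSOLIDATED_REPORT" << EOF
# Coppertone.tech Comprehensive Audit Report
**Generated:** $(date)
**Audit ID:** $TIMESTAMP
---
## Executive Summary
This report consolidates findings from all automated audit scripts run against the coppertone.tech codebase and infrastructure.
### Audit Execution Summary
| Audit | Status | Duration |
|-------|--------|----------|
EOF

  # Associative-array iteration order is unspecified; sort the names so the
  # table is stable and reports from different runs diff cleanly.
  if [ "${#AUDIT_RESULTS[@]}" -gt 0 ]; then
    mapfile -t audits < <(printf '%s\n' "${!AUDIT_RESULTS[@]}" | LC_ALL=C sort)
  fi

  {
    for audit in "${audits[@]}"; do
      status=${AUDIT_RESULTS[$audit]}
      # Only append the unit when a time was actually recorded (an audit
      # marked NOT_FOUND has none), so the cell never reads "N/As".
      duration=${AUDIT_TIMES[$audit]:-}
      if [ -n "$duration" ]; then
        duration="${duration}s"
      else
        duration="N/A"
      fi
      case "$status" in
        "SUCCESS") status_emoji="✅" ;;
        "COMPLETED_WITH_FINDINGS") status_emoji="⚠️" ;;
        "NOT_FOUND") status_emoji="❌" ;;
        *) status_emoji="❓" ;;
      esac
      echo "| $audit | $status_emoji $status | $duration |"
    done
  } >> "$CONSOLIDATED_REPORT"

  total_end_time=$(date +%s)
  total_duration=$((total_end_time - TOTAL_START_TIME))

  # NOTE(review): the "Detailed Reports" section below lists every audit's
  # report directory whether or not that audit was selected for this run.
  cat >> "$CONSOLIDATED_REPORT" << EOF
**Total Audit Duration:** ${total_duration} seconds
---
## Detailed Reports
The following detailed reports have been generated:
### Go Backend Audit
Location: \`audit-reports/go-audit/\`
- Static analysis (go vet, staticcheck)
- Security scanning (gosec, govulncheck)
- Code complexity analysis
- Dead code detection
- Error handling patterns
- Hardcoded secrets scan
- Test coverage
### TypeScript/Vue Frontend Audit
Location: \`audit-reports/frontend-audit/\`
- TypeScript type checking (strict mode)
- ESLint comprehensive analysis
- Vue anti-pattern detection
- Security audit (XSS, secrets, localStorage)
- Dependency analysis
- Bundle size analysis
- Accessibility audit
- Performance patterns
- Code duplication
- Test coverage
- Dead code detection
### SQL/Database Audit
Location: \`audit-reports/database-audit/\`
- Migration file analysis
- SQL injection vulnerability scan
- Schema design review
- Query performance patterns
- Connection management
- Data integrity checks
- Sensitive data handling
- Error handling in queries
### Security Audit
Location: \`audit-reports/security-audit/\`
- Hardcoded secrets (comprehensive)
- Authentication implementation
- Authorization (RBAC) review
- Input validation
- XSS/CSRF protection
- Security headers
- Rate limiting
- File upload security
- Cryptographic practices
- Error information leakage
- Logging and audit trails
- Known vulnerabilities
- Container security
- Git security
### Infrastructure Audit
Location: \`audit-reports/infrastructure-audit/\`
- Container configurations
- Compose file analysis
- CI/CD pipeline review
- Configuration management
- Network security
- Secrets management
- Logging and monitoring
- Backup and disaster recovery
- Resource management
- Dependency management
- Documentation completeness
---
## Critical Items Checklist
Review the individual reports for detailed findings. Priority items to check:
### 🔴 Critical (Fix Immediately)
- [ ] Any hardcoded secrets or credentials
- [ ] SQL injection vulnerabilities
- [ ] Authentication bypass possibilities
- [ ] Exposed sensitive data
- [ ] Known CVEs in dependencies
### 🟠 High (Fix Before Production)
- [ ] Authorization gaps (RBAC enforcement)
- [ ] Missing input validation
- [ ] XSS vulnerabilities
- [ ] Insecure direct object references
- [ ] Missing rate limiting
### 🟡 Medium (Address Soon)
- [ ] Excessive code complexity
- [ ] Missing error handling
- [ ] Dead code
- [ ] Accessibility issues
- [ ] Performance anti-patterns
### 🟢 Low (Track for Improvement)
- [ ] Code style inconsistencies
- [ ] Missing tests
- [ ] Documentation gaps
- [ ] TODO/FIXME comments
- [ ] Outdated dependencies (non-security)
---
## Recommendations
1. **Immediate Actions:**
- Review all CRITICAL findings in each audit report
- Rotate any exposed secrets immediately
- Patch any known vulnerabilities
2. **Short-term (1-2 weeks):**
- Address all HIGH severity findings
- Implement missing authorization checks
- Add input validation where missing
3. **Medium-term (1 month):**
- Reduce code complexity in flagged functions
- Increase test coverage
- Address accessibility issues
4. **Ongoing:**
- Integrate these audits into CI/CD pipeline
- Run security scans on every PR
- Regular dependency updates
---
## Report Locations
All detailed reports are stored in:
\`\`\`
$MASTER_OUTPUT_DIR/
├── go-audit/
├── frontend-audit/
├── database-audit/
├── security-audit/
├── infrastructure-audit/
└── consolidated-report-$TIMESTAMP.md
\`\`\`
---
*Generated by Coppertone.tech Audit Suite*
*No stone unturned. No feelings spared.*
EOF

  echo -e "${GREEN}Consolidated report generated: $CONSOLIDATED_REPORT${NC}"
}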
print_summary() {
echo ""
echo -e "${MAGENTA}╔══════════════════════════════════════════════════════════════════╗${NC}"
echo -e "${MAGENTA}${BOLD} AUDIT COMPLETE ${NC}${MAGENTA}${NC}"
echo -e "${MAGENTA}╚══════════════════════════════════════════════════════════════════╝${NC}"
echo ""
local total_end_time=$(date +%s)
local total_duration=$((total_end_time - TOTAL_START_TIME))
echo -e "${CYAN}Total Duration: ${total_duration} seconds${NC}"
echo ""
echo -e "${BOLD}Results Summary:${NC}"
for audit in "${!AUDIT_RESULTS[@]}"; do
local status="${AUDIT_RESULTS[$audit]}"
local duration="${AUDIT_TIMES[$audit]:-N/A}"
case "$status" in
"SUCCESS")
echo -e " ${GREEN}${NC} $audit (${duration}s)"
;;
"COMPLETED_WITH_FINDINGS")
echo -e " ${YELLOW}!${NC} $audit (${duration}s) - has findings"
;;
"NOT_FOUND")
echo -e " ${RED}${NC} $audit - script not found"
;;
*)
echo -e " ${RED}?${NC} $audit - unknown status"
;;
esac
done
echo ""
echo -e "${BOLD}Reports Location:${NC} $MASTER_OUTPUT_DIR"
echo -e "${BOLD}Consolidated Report:${NC} $CONSOLIDATED_REPORT"
echo ""
echo -e "${YELLOW}Review all reports carefully. Address CRITICAL and HIGH severity issues first.${NC}"
echo ""
}
#######################################
# Print command-line usage for this runner.
# Globals:   none (uses $0 for the program name)
# Outputs:   usage text to stdout
#######################################
show_help() {
  # Unquoted delimiter so $0 expands; every other line is literal text.
  cat << EOF
Usage: $0 [OPTIONS]

Options:
 -h, --help Show this help message
 -a, --all Run all audits (default)
 -g, --go Run only Go backend audit
 -f, --frontend Run only TypeScript/Vue frontend audit
 -d, --database Run only SQL/Database audit
 -s, --security Run only Security audit
 -i, --infrastructure Run only Infrastructure audit
 --live Include live system checks (requires running services)

Examples:
 $0 Run all audits
 $0 -g -f Run Go and Frontend audits only
 $0 --security Run security audit only
 $0 --all --live Run all audits including live system checks
EOF
}
# =============================================================================
# MAIN
# =============================================================================
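# ---- Argument parsing -------------------------------------------------------
# One selector per audit family. With no arguments, or with -a/--all, every
# selector is switched on.
RUN_GO=false
RUN_FRONTEND=false
RUN_DATABASE=false
RUN_SECURITY=false
RUN_INFRASTRUCTURE=false
RUN_ALL=false
# shellcheck disable=SC2034 — local mirror of the exported INCLUDE_LIVE_CHECKS
INCLUDE_LIVE=false

if [ $# -eq 0 ]; then
  RUN_ALL=true
fi

while [[ $# -gt 0 ]]; do
  case "$1" in
    -h|--help)
      show_help
      exit 0
      ;;
    -a|--all)
      RUN_ALL=true
      shift
      ;;
    -g|--go)
      RUN_GO=true
      shift
      ;;
    -f|--frontend)
      RUN_FRONTEND=true
      shift
      ;;
    -d|--database)
      RUN_DATABASE=true
      shift
      ;;
    -s|--security)
      RUN_SECURITY=true
      shift
      ;;
    -i|--infrastructure)
      RUN_INFRASTRUCTURE=true
      shift
      ;;
    --live)
      INCLUDE_LIVE=true
      # Exported so the individual audit scripts can see the opt-in.
      export INCLUDE_LIVE_CHECKS=true
      shift
      ;;
    *)
      # Diagnostics go to stderr. The offending argument is passed through
      # %s so that escape sequences in it are not interpreted (echo -e would).
      printf '%bUnknown option: %s%b\n' "$RED" "$1" "$NC" >&2
      show_help >&2
      exit 1
      ;;
  esac
done

# --all overrides the individual selectors.
if [ "$RUN_ALL" = true ]; then
  RUN_GO=true
  RUN_FRONTEND=true
  RUN_DATABASE=true
  RUN_SECURITY=true
  RUN_INFRASTRUCTURE=true
fi

# ---- Execution --------------------------------------------------------------
mkdir -p "$MASTER_OUTPUT_DIR"

print_banner

# Run the selected audits in a fixed order; each call records its outcome in
# AUDIT_RESULTS / AUDIT_TIMES for the report and summary below.
if [ "$RUN_GO" = true ]; then
  run_audit "01-go-audit.sh"
fi
if [ "$RUN_FRONTEND" = true ]; then
  run_audit "02-typescript-vue-audit.sh"
fi
if [ "$RUN_DATABASE" = true ]; then
  run_audit "03-sql-database-audit.sh"
fi
if [ "$RUN_SECURITY" = true ]; then
  run_audit "04-security-audit.sh"
fi
if [ "$RUN_INFRASTRUCTURE" = true ]; then
  run_audit "05-infrastructure-audit.sh"
fi

generate_consolidated_report
print_summary
exit 0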